VPN IP ASSIGNMENT ISSUE

tmickle · ‎05-23-2002

Here is my situation:

Outside VPN IP: 210.140.50.80-85 (using ficticious addresses as to not reveal my addresses))

Inside VPN IP: 192.168.190.253

Outside Trusted network router: 192.168.190.254

Inside trusted network: 192.1.1.X

IGR using 210.140.50.80

PIX outside interface 210.140.50.81

Email server 210.140.50.82

NAT for browsing 210.140.50.83

210.140.50.84-85 Used for VPN clients no NAT

How do I allow more than just two VPN connections? Do I have to have a valid IP address for each client that connects or is thier something I should be doing with NAT here? Clients are connecting to the 210.140.50.81 address than taking an address from the pool that includes 210.140.50.84-85. Is there a way to hand them off to my trusted network for IP assignment?

jfrahim · ‎05-23-2002

I am not sure if I am following your topology properly. Can you describe your topology better .. I am not sure how your pix firewall is connected to the VPN, and sure what VPN devices are you using ( 3000 concentrator, 5000 concentrator, pix, IOS )

Thanks

Jazib

tmickle · ‎05-23-2002

I changed all the IP addresses these are all fake but it is the same topology

Hopefully this explains it a bit better:

(INTERNET)

||

\/

(IGR) --> 206.140.80.80

||

\/

(PIX 515E) --> [OUT INT]206.140.80.81 [IN INT]192.168.190.253

||

\/

(TRUSTED ROUTER) --> [LAN 1]192.168.190.254 [LAN 2]192.1.1.13

||

\/

(TRUSTED NETWORK) --> 192.1.1.0

The PIX 515E is running VPN and Firewall services

For the client side I am running Cisco 3.5.1

I am assigning the VPN clients an ip address from a pool of addresses (206.140.80.82-84). Problem is I want to have 10 clients connect to the VPN possibly at the same time on some occasions but only have 3 IP addresses . Do I have to assing each client a seperate IP address or can I do nat or pat or something.

Hope that clears it up